Robbo009
New Member
September 10, 2019
Solved

Recommendation for Fortigate 80e and 2 vlans


Hi all,

I'm proposing the following setup for a small office with a Fortigate 80e. Is this the best way to do it? 

 

They have two Cisco 2960x switches connected with fibre and one Fortigate with a WAN connection. They need 2 VLANs, which I have created on the switches, and require one DHCP scope for each VLAN to have them separated and not accessible between each VLAN.

 

Should I connect each VLAN to a separate LAN port on the FG80e? I.e. VLAN 1 to LAN port 1 on the FG and VLAN 2 to LAN port 2 on the FG? Or should I only use one LAN port on the FG and add each VLAN to that port? What's the best practice here?

 

Thanks,

Rob

    Best answer by andrewbailey

    Rob,

     

    The 80E now supports LAG groups in the latest version of software.

     

    If you have spare ports available it may make sense to create a LAG group on the 80E, connect that to the Cisco switches and then add your VLANs over the LAG group.

     

    That provides a slightly more resilient solution perhaps?

     

    Just my thoughts :)

     

    Kind Regards,

     

     

    Andy.

    2 replies

    orani
    New Member
    September 10, 2019
    It is the same thing. If you connect two VLANs over one port, the disadvantage is that you lose speed. Both VLANs' clients will share 1000 Mbps of WAN traffic. In the other case (each VLAN to a different FW port) you will have VLAN 1 clients having 1000 Mbps and 1000 Mbps for VLAN 2 clients. In the second scenario I think there is less configuration you have to make. So if I were you I would choose the second scenario. Two separate subnets on the FW.
    wkana
    New Member
    September 10, 2019

    I'm not a Fortigate expert by any means, but we just installed a 100e at one of our remote offices and I configured 7 vlans on one port (port 16), which is connected to a trunk port on our Cisco 2960-X stacked switch. Everything is running smoothly...thus far.

     

    We used port 16 because a little research revealed that you should keep ports 1 and 2 free. However, it escapes me as to why.

     

    Bill

     

    sw2090
    SuperUser
    September 11, 2019

    I do the same here with up to 10 VLANs on one port and HP/Dell switches without any problems.
